AetherDroid/vendor_samsung_universal7570-common
1
0
Fork 0
mirror of https://github.com/AetherDroid/vendor_samsung_universal7570-common.git synced 2025-10-31 00:08:52 +01:00
Code Issues Projects Releases Packages Wiki Activity Actions
vendor_samsung_universal757.../universal7570-common/proprietary/etc/permissions/platform.xml
Prabhjot Singh c0b61d9a22 move to proprietary
2019-05-24 17:46:34 +05:30

364 lines
15 KiB
XML
Raw Blame History

<?xml version="1.0" encoding="utf-8"?>
<!-- Copyright (C) 2008 The Android Open Source Project
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
-->
<!-- This file is used to define the mappings between lower-level system
user and group IDs and the higher-level permission names managed
by the platform.
Be VERY careful when editing this file! Mistakes made here can open
big security holes.
-->
<permissions>
<!-- ================================================================== -->
<!-- ================================================================== -->
<!-- ================================================================== -->
<!-- The following tags are associating low-level group IDs with
permission names. By specifying such a mapping, you are saying
that any application process granted the given permission will
also be running with the given group ID attached to its process,
so it can perform any filesystem (read, write, execute) operations
allowed for that group. -->
<permission name="android.permission.BLUETOOTH_ADMIN" >
<group gid="net_bt_admin" />
</permission>
<permission name="android.permission.BLUETOOTH" >
<group gid="net_bt" />
</permission>
<permission name="android.permission.BLUETOOTH_STACK" >
<group gid="bluetooth" />
<group gid="wakelock" />
</permission>
<permission name="android.permission.NET_TUNNELING" >
<group gid="vpn" />
</permission>
<permission name="android.permission.INTERNET" >
<group gid="inet" />
</permission>
<permission name="android.permission.READ_LOGS" >
<group gid="log" />
</permission>
<permission name="android.permission.WRITE_MEDIA_STORAGE" >
<group gid="media_rw" />
<group gid="sdcard_rw" />
</permission>
<permission name="android.permission.ACCESS_MTP" >
<group gid="mtp" />
</permission>
<permission name="android.permission.NET_ADMIN" >
<group gid="net_admin" />
</permission>
<!-- The group that /cache belongs to, linked to the permission
set on the applications that can access /cache -->
<permission name="android.permission.ACCESS_CACHE_FILESYSTEM" >
<group gid="cache" />
</permission>
<!-- RW permissions to any system resources owned by group 'diag'.
This is for carrier and manufacture diagnostics tools that must be
installable from the framework. Be careful. -->
<permission name="android.permission.DIAGNOSTIC" >
<group gid="input" />
<group gid="diag" />
</permission>
<!-- Group that can read detailed network usage statistics -->
<permission name="android.permission.READ_NETWORK_USAGE_HISTORY">
<group gid="net_bw_stats" />
</permission>
<!-- Group that can modify how network statistics are accounted -->
<permission name="android.permission.MODIFY_NETWORK_ACCOUNTING">
<group gid="net_bw_acct" />
</permission>
<permission name="android.permission.LOOP_RADIO" >
<group gid="loop_radio" />
</permission>
<!-- Hotword training apps sometimes need a GID to talk with low-level
hardware; give them audio for now until full HAL support is added. -->
<permission name="android.permission.MANAGE_VOICE_KEYPHRASES">
<group gid="audio" />
</permission>
<!--add Scloud permission -->
<permission name="com.samsung.android.permission.MEDIA_CLOUD_CONTENTS">
<group gid="scloud" />
</permission>
<permission name="android.permission.ACCESS_FM_RADIO" >
<!-- /dev/fm is gid media, not audio -->
<group gid="media" />
</permission>
<!-- MNO CIQ : ATT_IQI_START -->
<!-- Group that can perform I/O operations on the bridge device node. -->
<permission name="com.att.iqi.permission.ACCESS_BRIDGE">
<group gid="bridge_rw" />
</permission>
<!-- proc fs access -->
<permission name="com.att.iqi.permission.READPROC" >
<group gid="readproc" />
</permission>
<!-- MNO CIQ : ATT_IQI_END -->
<!-- These are permissions that were mapped to gids but we need
to keep them here until an upgrade from L to the current
version is to be supported. These permissions are built-in
and in L were not stored in packages.xml as a result if they
are not defined here while parsing packages.xml we would
ignore these permissions being granted to apps and not
propagate the granted state. From N we are storing the
built-in permissions in packages.xml as the saved storage
is negligible (one tag with the permission) compared to
the fragility as one can remove a built-in permission which
no longer needs to be mapped to gids and break grant propagation. -->
<permission name="android.permission.READ_EXTERNAL_STORAGE" />
<permission name="android.permission.WRITE_EXTERNAL_STORAGE" />
<!-- Except for SysScope, DO NOT USE this permission. -->
<permission name="com.sec.android.app.sysscope.permission.ACCESS_SYSTEM_INFO_SYSSCOPE_ONLY" >
<group gid="radio" />
<group gid="readproc" />
</permission>
<!-- ================================================================== -->
<!-- ================================================================== -->
<!-- ================================================================== -->
<!-- The following tags are assigning high-level permissions to specific
user IDs. These are used to allow specific core system users to
perform the given operations with the higher-level framework. For
example, we give a wide variety of permissions to the shell user
since that is the user the adb shell runs under and developers and
others should have a fairly open environment in which to
interact with the system. -->
<assign-permission name="android.permission.MODIFY_AUDIO_SETTINGS" uid="media" />
<assign-permission name="android.permission.ACCESS_SURFACE_FLINGER" uid="media" />
<assign-permission name="android.permission.WAKE_LOCK" uid="media" />
<assign-permission name="android.permission.UPDATE_DEVICE_STATS" uid="media" />
<assign-permission name="android.permission.UPDATE_APP_OPS_STATS" uid="media" />
<assign-permission name="android.permission.GET_PROCESS_STATE_AND_OOM_SCORE" uid="media" />
<assign-permission name="android.permission.MODIFY_AUDIO_SETTINGS" uid="audioserver" />
<assign-permission name="android.permission.ACCESS_SURFACE_FLINGER" uid="audioserver" />
<assign-permission name="android.permission.WAKE_LOCK" uid="audioserver" />
<assign-permission name="android.permission.UPDATE_DEVICE_STATS" uid="audioserver" />
<assign-permission name="android.permission.UPDATE_APP_OPS_STATS" uid="audioserver" />
<assign-permission name="android.permission.MODIFY_AUDIO_SETTINGS" uid="cameraserver" />
<assign-permission name="android.permission.ACCESS_SURFACE_FLINGER" uid="cameraserver" />
<assign-permission name="android.permission.WAKE_LOCK" uid="cameraserver" />
<assign-permission name="android.permission.UPDATE_DEVICE_STATS" uid="cameraserver" />
<assign-permission name="android.permission.UPDATE_APP_OPS_STATS" uid="cameraserver" />
<assign-permission name="android.permission.GET_PROCESS_STATE_AND_OOM_SCORE" uid="cameraserver" />
<assign-permission name="com.samsung.permission.HRM_EXT" uid="cameraserver" />
<assign-permission name="com.samsung.permission.SSENSOR" uid="cameraserver" />
<assign-permission name="android.permission.ACCESS_SURFACE_FLINGER" uid="graphics" />
<assign-permission name="android.permission.ACCESS_SURFACE_FLINGER" uid="oem_5386" />
<assign-permission name="android.permission.CAPTURE_AUDIO_OUTPUT" uid="oem_5386" />
<assign-permission name="android.permission.RECORD_AUDIO" uid="oem_5386" />
<assign-permission name="android.permission.RECORD_AUDIO" uid="cameraserver" />
<!-- This is a list of all the libraries available for application
code to link against. -->
<library name="android.test.runner"
file="/system/framework/android.test.runner.jar" />
<library name="javax.obex"
file="/system/framework/javax.obex.jar" />
<library name="org.apache.http.legacy"
file="/system/framework/org.apache.http.legacy.jar" />
<!-- These are the standard packages that are white-listed to always have internet
access while in power save mode, even if they aren't in the foreground. -->
<allow-in-power-save package="com.android.providers.downloads" />
<!-- These are the standard packages that are white-listed to always have internet
access while in data mode, even if they aren't in the foreground. -->
<allow-in-data-usage-save package="com.android.providers.downloads" />
<!-- This is a core platform component that needs to freely run in the background -->
<allow-in-power-save package="com.android.cellbroadcastreceiver" />
<allow-in-power-save package="com.android.shell" />
<!-- SecProductFeature_KNOX.SEC_PRODUCT_FEATURE_KNOX_SUPPORT_MDM { -->
<!-- Knox Service -->
<allow-in-power-save package="com.samsung.klmsagent" />
<allow-in-data-usage-save package="com.samsung.klmsagent" />
<allow-in-power-save package="com.sec.enterprise.knox.cloudmdm.smdms" />
<allow-in-data-usage-save package="com.sec.enterprise.knox.cloudmdm.smdms" />
<!-- } SecProductFeature_KNOX.SEC_PRODUCT_FEATURE_KNOX_SUPPORT_MDM -->
<!-- These are the packages that are white-listed to be able to run as system user -->
<system-user-whitelisted-app package="com.android.settings" />
<!-- These are the packages that shouldn't run as system user -->
<system-user-blacklisted-app package="com.android.wallpaper.livepicker" />
<!-- Weather Daemon -->
<allow-in-power-save-except-idle package="com.sec.android.daemonapp" />
<allow-in-power-save package="com.sec.android.daemonapp" />
<allow-in-data-usage-save package="com.sec.android.daemonapp" />
<!-- Weather Forecast -->
<allow-in-power-save-except-idle package="com.samsung.android.weather" />
<allow-in-power-save package="com.samsung.android.weather" />
<!-- SamsungPay -->
<allow-in-power-save package="com.samsung.android.spay" />
<allow-in-data-usage-save package="com.samsung.android.spay" />
<!-- FaceBook -->
<allow-in-power-save package="com.facebook.services"/>
<!-- Game Service -->
<allow-in-power-save package="com.samsung.android.game.gametools"/>
<allow-in-power-save package="com.samsung.android.game.gamehome"/>
<allow-in-power-save package="com.enhance.gameservice" />
<!-- GalaxyApps -->
<allow-in-power-save package="com.sec.android.app.samsungapps"/>
<!-- Always On Display -->
<allow-in-power-save package="com.samsung.android.app.aodservice" />
<!-- Edge -->
<allow-in-power-save package="com.samsung.android.app.cocktailbarservice" />
<!-- AirCommand -->
<allow-in-power-save package="com.samsung.android.service.aircommand" />
<!-- Send Help Message -->
<allow-in-power-save package="com.sec.android.app.safetyassurance"/>
<!-- CSC application -->
<allow-in-power-save package="com.samsung.sec.android.application.csc"/>
<!-- Contacts application -->
<allow-in-power-save package="com.samsung.android.contacts"/>
<!-- KT114 Provider -->
<allow-in-data-usage-save package="com.samsung.kt114provider" />
<allow-in-power-save package="com.samsung.kt114provider" />
<!-- Peoplestripe -->
<allow-in-power-save package="com.samsung.android.service.peoplestripe" />
<!-- AppLock -->
<allow-in-power-save package="com.samsung.android.applock"/>
<!-- HongbaoAssistant -->
<allow-in-power-save package="com.samsung.hongbaoassistant" />
<!-- Blue light filter Service -->
<allow-in-power-save package="com.samsung.android.bluelightfilter"/>
<!-- AppLinker -->
<allow-in-power-save package="com.sec.android.app.applinker" />
<!-- Bixby Home -->
<allow-in-power-save package="com.samsung.android.app.spage"/>
<!-- Messging UI -->
<allow-in-power-save package="com.samsung.android.messaging"/>
<!-- Message CommuicationService -->
<allow-in-power-save package="com.samsung.android.communicationservice"/>
<!-- HandwritingService -->
<allow-in-power-save package="com.samsung.android.sdk.handwriting" />
<!-- CustomizationService -->
<allow-in-power-save package="com.samsung.android.rubin.app" />
<!-- Secure Wi-Fi -->
<allow-in-power-save package="com.samsung.android.fast" />
<allow-in-data-usage-save package="com.samsung.android.fast" />
<!-- Device Search -->
<allow-in-power-save package="com.samsung.android.app.galaxyfinder" />
<!-- Sound Quality andEffects -->
<allow-in-power-save package="com.sec.android.app.soundalive" />
<!-- Knox container -->
<allow-in-power-save package="com.samsung.android.knox.containercore" />
<allow-in-power-save package="com.samsung.android.knox.containeragent" />
<allow-in-power-save package="com.samsung.knox.securefolder" />
<!-- GalaxyBetaServicePlugin -->
<allow-in-power-save package="com.samsung.android.galaxybetaserviceplugin" />
<!-- Samsung capture -->
<allow-in-power-save package="com.samsung.android.app.smartcapture" />
<!-- Samsung Clipboard -->
<allow-in-power-save package="com.samsung.clipboardsaveservice" />
<allow-in-power-save package="com.samsung.android.clipboarduiservice" />
<!-- Samsung VideoPlayer -->
<allow-in-power-save package="com.samsung.android.video" />
<!-- Samsung Message -->
<allow-in-data-usage-save package="com.samsung.android.messaging"/>
<!-- Smart View -->
<allow-in-power-save package="com.samsung.android.smartmirroring" />
<!-- IMS -->
<allow-in-power-save package="com.sec.imsservice" />
<allow-in-data-usage-save package="com.sec.imsservice" />
<!-- NSDS -->
<allow-in-power-save package="com.sec.vsimservice" />
<allow-in-data-usage-save package="com.sec.vsimservice" />
<!-- Network Location Provider -->
<allow-in-power-save-except-idle package="com.baidu.map.location" />
<allow-in-power-save-except-idle package="com.amap.android.location" />
<allow-in-power-save package="com.baidu.map.location" />
<allow-in-power-save package="com.amap.android.location" />
<!-- SysScope -->
<allow-in-power-save package="com.sec.android.app.sysscope" />
<!-- SPenKeeper -->
<allow-in-power-save package="com.sec.android.app.SPenKeeper" />
<!-- Knox Guard -->
<allow-in-power-save package="com.samsung.android.kgclient"/>
<allow-in-data-usage-save package="com.samsung.android.kgclient"/>
</permissions>
Reference in a new issue View git blame Copy permalink